System and method for extracting user identifiers over encrypted communication traffic

US 9,641,444 B2
Filed: 01/23/2015
Issued: 05/02/2017
Est. Priority Date: 01/30/2014
Status: Active Grant

First Claim

Patent Images

1. A method, comprising:

monitoring, by a processor, multiple flows of communication traffic;

sending, by the processor, a sequence of layer-7 messages in accordance with a first temporal pattern to a layer-7 identifier of a user;

identifying, by the processor, among the monitored flows a flow whose activity has a second temporal pattern that matches the first temporal pattern; and

associating, by the processor, the identified flow with the user.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems and methods for extracting user identifiers over encrypted communication traffic are provided herein. An example method includes monitoring multiple flows of communication traffic. A sequence of messages is then sent to a user in accordance with a first temporal pattern. A flow whose activity has a second temporal pattern that matches the first pattern is then identified among the monitored flows. The identified flow is then associated with the user.

30 Citations

View as Search Results

20 Claims

1. A method, comprising:
- monitoring, by a processor, multiple flows of communication traffic;
  
  sending, by the processor, a sequence of layer-7 messages in accordance with a first temporal pattern to a layer-7 identifier of a user;
  
  identifying, by the processor, among the monitored flows a flow whose activity has a second temporal pattern that matches the first temporal pattern; and
  
  associating, by the processor, the identified flow with the user.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method according to claim 1, wherein identifying the flow comprises predicting a third temporal pattern with which the sequence of the messages is expected to reach the user, and comparing the second and third temporal patterns.
  - 3. The method according to claim 1, wherein the monitored flows are encrypted.
  - 4. The method according to claim 1, wherein associating the identified flow with the user comprises extracting from the identified flow a communication identifier of a communication terminal operated by the user.
  - 5. The method according to claim 4, and comprising tracking the user using the extracted communication identifier.
  - 6. The method according to claim 1, wherein sending the messages comprises communicating with the user using a given communication application, and wherein monitoring the flows comprises choosing to monitor the flows of the given communication application.
  - 7. The method according to claim 1, wherein sending the messages comprises configuring the messages such that the messages will not be presented to the user.
  - 8. The method according to claim 1, wherein identifying the flow comprises matching traffic arrival times in the flow with respective traffic transmission times in the sequence of the messages.
  - 9. The method according to claim 1, wherein identifying the flow comprises matching traffic volume as a function of time in the flow and in the sequence of the messages.
  - 10. The method according to claim 1, wherein identifying the flow comprises progressively narrowing down a list of candidate flows that match the sequence of the messages, so as to converge to the identified flow.

11. An apparatus, comprising:
- an interface for communicating over a communication network; and
  
  a processor, which is configured to monitor multiple flows of communication traffic in the communication network, to send a sequence of layer-7 messages in accordance with a first temporal pattern to a layer-7 identifier of a user, to identify among the monitored flows a flow whose activity has a second temporal pattern that matches the first temporal pattern, and to associate the identified flow with the user.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19, 20)
- - 12. The apparatus according to claim 11, wherein the processor is configured to identify the flow by predicting a third temporal pattern with which the sequence of the messages is expected to reach the user, and comparing the second and third temporal patterns.
  - 13. The apparatus according to claim 11, wherein the monitored flows are encrypted.
  - 14. The apparatus according to claim 11, wherein the processor is configured to extract from the identified flow a communication identifier of a communication terminal operated by the user.
  - 15. The apparatus according to claim 14, wherein the processor is configured to track the user using the extracted communication identifier.
  - 16. The apparatus according to claim 11, wherein the processor is configured to send the messages to the user using a given communication application, and to choose to monitor the flows of the given communication application.
  - 17. The apparatus according to claim 11, wherein the processor is configured to configure the messages such that the messages will not be presented to the user.
  - 18. The apparatus according to claim 11, wherein the processor is configured to identify the flow by matching traffic arrival times in the flow with respective traffic transmission times in the sequence of the messages.
  - 19. The apparatus according to claim 11, wherein the processor is configured to identify the flow by matching traffic volume as a function of time in the flow and in the sequence of the messages.
  - 20. The apparatus according to claim 11, wherein the processor is configured to progressively narrow down a list of candidate flows that match the sequence of the messages, so as to converge to the identified flow.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Cognyte Technologies Israel Ltd. (Cognyte Software Ltd.)
Original Assignee
Verint Systems Limited (Verint Systems Incorporated)
Inventors
Altman, Yuval
Primary Examiner(s)
Moore, Jr., Michael J

Application Number

US14/604,144
Publication Number

US 20150215221A1
Time in Patent Office

830 Days
Field of Search

None
US Class Current
CPC Class Codes

H04L 43/10   Active monitoring, e.g. hea...

H04L 43/106   using time related informat...

H04L 47/2475   for supporting traffic char...

H04L 47/2483   involving identification of...

H04L 63/0428   wherein the data content is...

H04L 63/306   intercepting packet switche...

System and method for extracting user identifiers over encrypted communication traffic

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

30 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for extracting user identifiers over encrypted communication traffic

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

30 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links